Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

For decades, penetration testing has been the gold seal of cybersecurity. Auditors love them. Insurance brokers demand them. Your board sees them and believes the “secure” box for your company has been sufficiently checked. And to be clear: manual pen tests have an important place. For compliance mandates, regulatory filings, or mission-critical systems, there’s no substitute for a skilled third-party team that probes your environment.

The remote procedure call (RPC) protocol is one of the building blocks of Microsoft Windows and is widely used for inter-process communication between clients and servers. When RPC clients search for a server based only on a universally unique identifier (UUID) of an interface—without specifying an endpoint—they will go through the Endpoint Mapper (EPM). It will connect them to an endpoint that a server registered, exposing the interface the clients are looking for.

Over the past few months, the team has been working on some pretty cool things for the Tines platform. Check out this video for the biggest highlights, or use the following timestamps to jump to a specific topic.

After years of drafts, revisions, and shifting timelines, the Cybersecurity Maturity Model Certification (CMMC) program is no longer just a concept. It's a contractual requirement, and enforcement begins soon. ‍ On September 9, 2025, the U.S. Department of Defense (DoD) released the final CMMC rule (48 CFR) for public inspection, with official publication in the Federal Register on September 10. From this point forward, all DoD contracts require some level of CMMC certification. ‍

Managed Detection and Response (MDR) services are experiencing significant growth due to the increasing sophistication and frequency of cyberthreats. As the cybersecurity landscape continues to evolve with more frequent, targeted, and sophisticated threats, organizations are increasingly turning to MDR to shore up their cyber defenses. But what exactly is behind the rising adoption of MDR security services, and what makes these services such a compelling option for modern enterprises?

Modern development teams do far more than simply write code. Now, with the help of AI, software development organizations are orchestrating its creation, maintenance, and delivery at a bigger scale than ever before. Tools like Windsurf and Devin from Cognition help developers across the Software Development Lifecycle (SDLC) by augmenting people with multi-step reasoning agents that can write code.

In the rapidly evolving landscape of AI, Retrieval-Augmented Generation (RAG) has become the go-to solution for grounding language models in factual data. It has been effective for question-answering, but for complex, exploratory tasks that demand vast data analysis and culminate in a structured narrative, we must look beyond simple RAG. This isn’t just a theoretical challenge, it's the next step in our own product journey: This progression now culminates in a more advanced capability.

Choosing the wrong AST (Application Security Testing) platform doesn't just waste your budget. It leads to: In its latest research, “How to Avoid Common Pitfalls in Selecting Application Security Testing Tools,” Gartner highlights the five most common mistakes security leaders make when evaluating AST platforms. In this blog, we break down Gartner’s key insights and share what teams should look for when choosing a tool that works in the real world.